Overview
This note describes an example of an x86 single board computer (SBC) running some local network services, namely DNS, DHCP and NTP, for a 192.168.x network. More advanced services such as pf can be added later. An advantage of amd64/x86 hardware is that, as a Tier 1 platform, the whole system can be updated via binary downloads using freebsd-update. This installation was done in May 2019.
Example hardware
- Wyse Dell Thin Client CX0/C10LE (see https://www.parkytowers.me.uk/thin/ for similar systems)
- 1GHz C7 Eden CPU (low power)
- 2GB RAM
- micro-IDE (with high speed flash adapter for a 32GB trans flash card)
- 6x USB2 (4 are socketed)
- 10/100/1000 network
- BIOS or UEFI?
- this system uses a BIOS to initialise hardware and start a boot process
- the DEL key gets you into the BIOS with the default BIOS password Fireport
- Other information:
- www.freebsd.org
- Search for Wyse thin clients FreeBSD
FreeBSD install
- Using 12.0-RELEASE (download link)
- Set hostname, main network interface details (DHCP is usually OK to start with), initial user account, etc.
- After the install and rebooting, with the system connected to the internet, log in as user root and bring the system up to the current patch level with the commands:
# freebsd-update fetch
# freebsd-update install
Basic packages
Recall: to install package x, log in as user root (or su to root) and enter the command pkg install x
Enter the following commands to install some basic packages (version numbers were current in early May 2019):
# pkg install bash-5.0.3
# bash
# for x in boehm-gc-8.0.4 ca_root_nss-3.44 dnsmasq-2.80_2,1 \
en-freebsd-doc-52793,1 gettext-runtime-0.19.8.1_2 gmp-6.1.2_1 \
indexinfo-0.3.1 kermit-9.0.304 libidn2-2.1.1 \
libunistring-0.9.10_1 nettle-3.4.1_1 openntpd-6.2p3_1,2 \
pkg-1.10.5_5 sudo-1.8.27_1 wget-1.20.3 \
zile-2.4.14_6 ; do pkg install $x ; done
Configuration
1 Main settings: Login as root, and adjust file /etc/rc.conf to be something like
sendmail_enable="NONE" # disable sendmail
lpd_enable="NO" # disable printing
cups_enable="NO"
cupsd_enable="NO"
mixer_enable="NO" # disable audio
hostname="myHostNameXX.local" # setup basic networking
ifconfig_vge0="inet 192.168.X.XX netmask 255.255.255.0"
# assume main interface is static
ifconfig_DEFAULT="DHCP" # other network interfaces use default DHCP on their subnets
defaultrouter="192.168.X.XX"
gateway_enable="YES" #for ipv4
routed_enable="YES" ## enable routing daemon (needed if pf=NO)
sshd_enable="YES" # want ssh logins
autofs_load="YES" # autofs mounting of NFS
autofs_enable="YES"
nfsuserd_enable="YES"
openntpd_enable="YES" # enable time via OpenNTP
openntpd_flags="-s"
ntpd_enable="NO"
dnsmasq_enable="YES" # enable dns and dhcp
powerd_enable="YES"
# Set dumpdev to "AUTO" to enable crash dumps, "NO" to disable
dumpdev="NO"
As the system is assumed to be managing network services, we set up its main network interface with a static IP (any other interfaces can default to DHCP on their subnet). Services include a network time server (openntpd), DHCP and DNS (dnsmasq), and basic routing (gateway, routed).
Notes:
a) Search for X to find the items that definitely need changing.
b) The main network interface is named vge0 here and depends on hardware present.
2 DHCP and DNS services: The dnsmasq application can serve DHCP and DNS information locally. As user root, adjust file /usr/local/etc/dnsmasq.conf and enter the DHCP data for your local network. Look for sections containing settings such as
dhcp-range=192.168.X.40,192.168.X.79,12h # IP numbers to serve
#interface=uath0 # set the interface(s) to serve if >1 network interface
local-service # choose to serve on local network
# individual host entries
dhcp-host=c8:2a:14:26:81:40,raphael # raphael defined in /etc/hosts
dhcp-host=01:bc:8c:cd:d7:25:5e,aircon_office # other names also defined
dhcp-host=88:d7:f6:8d:ca:22,ASUS_Zenfone_3_Zoom
dhcp-host=ba:1b:47:bf:9d:15,pm-rock64w
dhcp-host=00:0a:35:00:22:01,zcu102
To service a DNS request, dnsmasq can be configured to consult the /etc/hosts file first and, if no answer is found there, pass the request upstream to the DNS sources listed in this FreeBSD system's /etc/resolv.conf (the default for the resolv-file option). To speed up operation, dnsmasq also keeps a local cache of DNS data. As user root, check and optionally modify the resolv.conf file to look something like
search local
nameserver 9.9.9.9
nameserver 192.168.ISP.MODEM
nameserver 1.1.1.1
nameserver 8.8.8.8
where dnsmasq is made to check locally, and then work through the list of DNS sources until a response is obtained. I usually choose local, then a high speed anonymous DNS source, then whatever my ISP modem caches according to ISP settings (adjust or delete the line containing "ISP.MODEM"), and finally some other notable sources.
Note: dnsmasq has many options for tuning how to respond (or not respond) to queries, whether it refers to the host's resolv.conf file, and also behaviour that can be triggered via a number of signals. Multiple interfaces and subnets can be handled, and also protocols such as tftp. See the man page for lots of details.
3 Setting/checking host name and IP: Adjust file /etc/hosts, e.g. append text lines like those below (adjust X and XX as appropriate)
192.168.X.XX myHostNameXX myHostNameXX.local # BSD services
192.168.X.8 raphael raphael.local # Apple MBP
192.168.X.84 zcu102 # Xilinx dev brd
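The dhcp-host reservations in section 2 name hosts that section 3 expects to be defined in /etc/hosts as well; a name that is only known to DHCP stops resolving once its lease lapses, and a MAC reserved twice gives an unpredictable address. The following POSIX sh script is an added example, not part of the original post, that cross-checks the two files. The function names, the sample dnsmasq.conf and hosts files it writes, and the addresses in them are constructed for the demo; on the real box run the check against /usr/local/etc/dnsmasq.conf and /etc/hosts.

```shell
#!/bin/sh
# Added example (not from the original post): cross-check dnsmasq dhcp-host=
# reservations against /etc/hosts. Assumes the layouts shown in sections 2
# and 3: "dhcp-host=MAC,name" lines and "IP name [alias ...]" lines, with
# optional trailing "#" comments. Function and file names are made up here.

# check_dhcp_hosts DNSMASQ_CONF HOSTS_FILE
# Prints one finding per line:
#   NO-HOSTS-ENTRY name (mac)  - name only resolves while a lease exists
#   DUPLICATE-MAC mac (a, b)   - same MAC reserved for two names
check_dhcp_hosts() {
    awk -v hostsfile="$2" '
        BEGIN {
            # collect every name and alias that the hosts file defines
            while ((getline line < hostsfile) > 0) {
                sub(/#.*/, "", line)
                sub(/^[ \t]+/, "", line)
                n = split(line, f, /[ \t]+/)
                for (i = 2; i <= n; i++) if (f[i] != "") known[f[i]] = 1
            }
            close(hostsfile)
        }
        /^[ \t]*dhcp-host=/ {
            sub(/#.*/, "")
            sub(/^[ \t]*dhcp-host=/, "")
            split($0, f, ",")
            mac = tolower(f[1]); name = f[2]
            gsub(/[ \t]/, "", mac); gsub(/[ \t]/, "", name)
            if (mac in seen) print "DUPLICATE-MAC " mac " (" seen[mac] ", " name ")"
            else seen[mac] = name
            if (!(name in known)) print "NO-HOSTS-ENTRY " name " (" mac ")"
        }' "$1"
}

# write_samples DIR: constructed sample files for a stand-alone run
write_samples() {
    cat > "$1/dnsmasq.conf" <<'EOF'
dhcp-range=192.168.1.40,192.168.1.79,12h
dhcp-host=c8:2a:14:26:81:40,raphael # raphael defined in /etc/hosts
dhcp-host=00:0a:35:00:22:01,zcu102
dhcp-host=ba:1b:47:bf:9d:15,pm-rock64w
dhcp-host=C8:2A:14:26:81:40,raphael-old
#dhcp-host=aa:bb:cc:dd:ee:ff,commented-out
EOF
    cat > "$1/hosts" <<'EOF'
127.0.0.1 localhost
192.168.1.8 raphael raphael.local # Apple MBP
192.168.1.84 zcu102 # Xilinx dev brd
EOF
}

# Stand-alone run:  sh check_dhcp_hosts.sh --demo
# On the real box:  check_dhcp_hosts /usr/local/etc/dnsmasq.conf /etc/hosts
case "${1:-}" in
    --demo)
        d=$(mktemp -d)
        write_samples "$d"
        check_dhcp_hosts "$d/dnsmasq.conf" "$d/hosts"
        rm -r "$d"
        ;;
esac
```

Against the constructed samples the check reports pm-rock64w and raphael-old as having no hosts entry and flags the MAC reserved for both raphael and raphael-old; MAC comparison is case-insensitive because dnsmasq does not care about case either.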
4 Time serving: To enable time serving to other hosts, append the following text to file /usr/local/etc/ntpd.conf
# Addresses to listen on (ntpd does not listen by default)
listen on *
5 Miscellaneous services: Check files /usr/local/etc/*.conf (typically require no further change for now).
6 Boot time and periodic tasks: Any local options to adjust configuration at boot time can be managed via a script that cron runs at "reboot", e.g. log in as root and enter the commands
# bash --login
# export EDITOR=zile # if you prefer emacs style editing
# crontab -e
and then edit and save the file with contents such as
# Set to run via cron at daily and reboot times
## daily
35 4 * * * /root/bin/sh.local_setup >/tmp/local_setup.daily.txt 2>&1
#
@reboot /root/bin/sh.local_setup >/tmp/local_setup.reboot.txt 2>&1
55 4 * * * /root/bin/sh.manual_duckdns_update 2>&1 > /dev/null
55 13 * * * /root/bin/sh.manual_duckdns_update 2>&1 > /dev/null
where script /root/bin/sh.local_setup does any local work at boot time and also at 4:35am. Note that I have included another script that updates a dynamic DNS entry at 4:55am and 1:55pm in this example.
Reminder Notes
An easy way to remember important maintenance commands is to display them in the message of the day. As user root, append text such as the following to /etc/motd
Package updates: pkg update ; pkg upgrade
System updates: freebsd-update fetch ; freebsd-update install
System temperature: sysctl -a | grep temperature
System getty tasks: ps waux|grep getty
autofs restart: sudo sh /etc/rc.d/automount restart
dnsmasq restart: sudo /usr/local/etc/rc.d/dnsmasq restart
DHCP status: cat /var/db/dnsmasq.leases
sshfs status: sockstat | egrep ssh
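The motd lines above remind you to inspect sockstat by hand. The following POSIX sh script is an added example, not from the original post, that turns that into a check of which IPv4 services the box actually exposes: the ports it expects (ssh, dns, dhcp, ntp) against what is listening, reporting anything missing or unexpected. It could be run from the cron job described in section 6. The port list, function name and the sample sockstat output are constructed for the example, and the parser assumes the 12.0-RELEASE column layout of sockstat -4l.

```shell
#!/bin/sh
# Added example (not from the original post): audit which IPv4 services the
# box exposes, using sockstat(1) as the motd reminder does. Assumes the
# 12.0-RELEASE "sockstat -4l" column layout
#   USER COMMAND PID FD PROTO LOCAL-ADDRESS FOREIGN-ADDRESS
# where listening sockets show "*:*" as the foreign address. Port list,
# function name and the sample output are constructed for this example.

# Services this box is meant to offer: ssh, dns, dhcp, ntp
EXPECTED_PORTS="22 53 67 123"

# audit_listeners "PORT ..."   (reads sockstat -4l output on stdin)
# Prints "UNEXPECTED port command" for listeners outside the expected set and
# "MISSING port" for expected ports nobody listens on. Exit status 1 if any
# finding was printed, 0 if the box looks as intended.
audit_listeners() {
    awk -v expected="$1" '
        BEGIN { n = split(expected, e, " "); for (i = 1; i <= n; i++) want[e[i]] = 1 }
        NR == 1 { next }                               # column header
        $5 ~ /^(tcp4|udp4)$/ && $7 == "*:*" {
            port = $6; sub(/.*:/, "", port)            # "*:53" or "192.168.1.5:53" -> 53
            seen[port] = 1
            if (!(port in want) && !(port in reported)) {
                print "UNEXPECTED " port " " $2
                reported[port] = 1; findings++
            }
        }
        END {
            for (i = 1; i <= n; i++)
                if (!(e[i] in seen)) { print "MISSING " e[i]; findings++ }
            exit (findings > 0)
        }'
}

# Constructed sockstat -4l output: openntpd is not listening (ntpd.conf lacks
# "listen on *") and sendmail was left enabled on the loopback address.
SAMPLE_SOCKSTAT='USER     COMMAND    PID   FD PROTO  LOCAL ADDRESS         FOREIGN ADDRESS
root     sshd       712   4  tcp4   *:22                  *:*
nobody   dnsmasq    650   4  udp4   *:67                  *:*
nobody   dnsmasq    650   6  udp4   *:53                  *:*
nobody   dnsmasq    650   7  tcp4   *:53                  *:*
root     sendmail   801   3  tcp4   127.0.0.1:25          *:*'

# Stand-alone run against the sample:  sh audit_listeners.sh --demo
# On the real box:  sockstat -4l | audit_listeners "$EXPECTED_PORTS"
case "${1:-}" in
    --demo) printf '%s\n' "$SAMPLE_SOCKSTAT" | audit_listeners "$EXPECTED_PORTS" ;;
esac
```

On the constructed sample the script prints "UNEXPECTED 25 sendmail" and "MISSING 123" and exits 1, which is exactly the pair of mistakes the rc.conf and ntpd.conf steps above are meant to avoid (sendmail_enable="NONE" and listen on *). A port listened on by both tcp4 and udp4, such as dnsmasq on 53, is reported once.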
Serial Console and/or Serial Port Login hardware
A login via a serial port is a useful fallback for systems running without a screen should networking faults occur. If the SBC has a serial port, this is straightforward to set up. Without a serial port, one approach is to plug a USB-serial adapter into the SBC. As your other system is likely to lack serial ports but have USB, one can make a USB↔3-wire↔USB adapter using two Arduino/esp8266 style USB-to-uart-TTL adapters joined in a 3-wire configuration with loopback handshaking (similar to this wikipedia item) using connections like in this wiring diagram. Some additional local configuration is needed:
a) Try for support of a serial console by creating (or appending to) the file /boot.config with the line
-h
b) Enable serial port support and also dual serial port & keyboard/screen console by appending to file /boot/loader.conf
#ucom_load="YES"
hw.usb.ucom.device_mode_console="1"
#umodem_load="YES"
#uslcom_load="YES"
hw.usb.template=3
#
boot_multicons="YES"
boot_serial="YES"
comconsole_speed="115200"
console="comconsole,vidconsole"
autoboot_delay="3"
Note: setting console to "comconsole,vidconsole" allows both keyboard/screen console and serial port console on a BIOS based system. If the system uses UEFI instead, replace "vidconsole" by "uefi".
c) Enable logins via the serial port by appending text to file /etc/ttys
# From https://www.freebsd.org/doc/en_US.ISO8859-1/books/handbook/usb-device-mode-terminals.html
ttyU0 "/usr/libexec/getty 3wire.115200" xterm-256color onifexists secure
ttyU1 "/usr/libexec/getty 3wire.115200" xterm-256color onifexists secure
Note the choice of terminal type and onifexists.
Current status
- This allows system logins from another host (using minicom/picocom/kermit to access the USB-to-uart at 115200bps), but boot up messages have not been successfully displayed on this serial port.
- Some recent forum posts mention getty restart problems, but these disappeared (note my choices above), and with the system updated to 12.0-RELEASE-p3 GENERIC i386 this seems OK here (although I did at one stage have a script manually launching /usr/libexec/getty 3wire.115200 ttyU0 at boot time).